Test Bank Mod 01 Introduction to Security PDF

Title Test Bank Mod 01 Introduction to Security
Author Mohamad Azzo
Course Introduction to Scripting Languages Python
Institution Collin College
Pages 26
File Size 311.7 KB
File Type PDF

Summary

21-page answer bank to cybersecurity questions, 30 total. Says test mod-01, but these answers can be found in a variety of quizzes that professors offer...


Description

Name:

Class:

Date:

Mod 01: Introduction to Security

1. Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development program?
a. Shadow IT
b. Brokers
c. Criminal syndicates
d. Competitors

ANSWER: d

FEEDBACK:
a. Incorrect. Shadow IT are employees of the enterprise frustrated with the pace of acquiring new technology.
b. Incorrect. Brokers sell their knowledge of a security weakness to other attackers or governments.
c. Incorrect. Criminal syndicates are threat actors who involve experienced online criminals who do not commit crimes themselves but act as entrepreneurs.
d. Correct. Competitors are threat actors who launch attacks against an opponent's system to steal classified information like industry research or customer lists.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.2 - Identify threat actors and their attributes
ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources.
TOPICS: Who Are the Threat Actors?
KEYWORDS: Bloom's: Apply
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

2. Which of the following types of platforms is known for its vulnerabilities due to age?
a. On-premises platform
b. Cloud platform
c. Legacy platform
d. Online platform

ANSWER: c

FEEDBACK:
a. Incorrect. On-premises platforms ("on-prem") are the software and technology located within an enterprise's physical confines, usually consolidated in the company's data center.
b. Incorrect. Cloud platforms are a new model gaining widespread use. They are a pay-per-use computing model in which customers pay only for the online computing resources they need.
c. Correct. Legacy platforms are no longer in widespread use, often because they have been replaced by an updated version of the earlier technology.
d. Incorrect. An online platform is one that has its front end and back end online.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks
ACCREDITING STANDARDS: SY0-601.1.6 - Explain the security concerns associated with various types of vulnerabilities.
TOPICS: Vulnerabilities and Attacks
KEYWORDS: Bloom's: Remember
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

3. Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs.

Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers' information until they ensure more secure protocols?
a. Hacktivist
b. Insider
c. State actor
d. Script kiddy

ANSWER: a

FEEDBACK:
a. Correct. A hacktivist is strongly motivated by ideology for the sake of their principles or beliefs.
b. Incorrect. This serious threat to an enterprise comes from its own employees, contractors, and business partners, called insiders. They pose an insider threat of manipulating data from the position of a trusted employee.
c. Incorrect. These types of actors are employed by governments for launching cyberattacks against their foes.
d. Incorrect. Script kiddies do their work by downloading freely available automated attack software (scripts) and using it to perform malicious acts.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.2 - Identify threat actors and their attributes
ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources.
TOPICS: Who Are the Threat Actors?
KEYWORDS: Bloom's: Apply
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

4. Threat actors focused on financial gain often attack which of the following main target categories?
a. Product lists
b. Individual users
c. Social media assets
d. REST services

ANSWER: b

FEEDBACK:
a. Incorrect. Product lists could be used for many things, but they are not a main target of attacks motivated by financial gain.
b. Correct. This category focuses on individuals as the victims. Threat actors steal and use data, credit card numbers, online financial account information, or social security numbers or send millions of spam emails to peddle counterfeit drugs, pirated software, fake watches, and pornography to profit from their victims.
c. Incorrect. Social media assets are attacked but do not fall into one of the main categories.
d. Incorrect. REST services could be a potential sub-level target but are not considered one of the main categories.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.2 - Identify threat actors and their attributes
ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources.
TOPICS: Who Are the Threat Actors?
KEYWORDS: Bloom's: Remember
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

5. Which issue can arise from security updates and patches?
a. Difficulty patching firmware
b. Difficulty updating settings
c. Difficulty resetting passwords
d. Difficulty installing databases

ANSWER: a

FEEDBACK:
a. Correct. Updating firmware to address a vulnerability can often be difficult and requires specialized steps. Furthermore, some firmware cannot be patched.
b. Incorrect. While a potential difficulty in some situations, updating most settings is an easy change in many cases.
c. Incorrect. Resetting passwords is not included in updates and patches.
d. Incorrect. Installing databases is not a function of security updates.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks
ACCREDITING STANDARDS: SY0-601.1.6 - Explain the security concerns associated with various types of vulnerabilities.
TOPICS: Vulnerabilities and Attacks
KEYWORDS: Bloom's: Remember
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

6. Which of the following is an attack vector used by threat actors to penetrate a system?
a. Phishing
b. Intimidation
c. Urgency
d. Email

ANSWER: d

FEEDBACK:
a. Incorrect. Phishing is a specific type of attack but not an actual vector type.
b. Incorrect. Intimidation might be used to scare someone into giving information but is not a type of vector.
c. Incorrect. Urgency is a psychological-based social engineering tactic used to get the victim to give up sensitive information; it is not an attack vector type.
d. Correct. Almost 94 percent of all malware is delivered through email to an unsuspecting user. The goal is to trick the user into opening an attachment that contains malware or clicking on a hyperlink that takes the user to a fictitious website.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks
ACCREDITING STANDARDS: SY0-601.1.5 - Explain different threat actors, vectors, and intelligence sources.
TOPICS: Vulnerabilities and Attacks
KEYWORDS: Bloom's: Understand
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

7. What is a variation of a common social engineering attack targeting a specific user?
a. Spear phishing
b. Redirection
c. Spam
d. Watering holes

ANSWER: a

FEEDBACK:
a. Correct. Spear phishing targets specific users. The emails used in spear phishing are customized to the recipients, including their names and personal information, to make the message appear legitimate.
b. Incorrect. Threat actors use redirection to get users to click on or visit a fake site. These attacks are not targeted at specific users.
c. Incorrect. Spamming is a lucrative means of sending unsolicited emails to several recipients. The cost of sending millions of spam email messages is meager, and the potential payoff can be high.
d. Incorrect. A watering hole attack is directed towards a smaller group of specific individuals, such as the executives working for a manufacturing company. These executives all tend to visit common websites, such as supplier sites. An attacker who wants to target this group of executives infects the commonly used site with malware that will then make its way onto the group's computers and networks.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks
ACCREDITING STANDARDS: SY0-601.1.1 - Compare and contrast different types of social engineering attacks.
TOPICS: Vulnerabilities and Attacks
KEYWORDS: Bloom's: Remember
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

8. Which of the following is a social engineering method that attempts to influence the subject before the event occurs?
a. Spear phishing
b. Redirection
c. Prepending
d. Watering hole

ANSWER: c

FEEDBACK:
a. Incorrect. Spear phishing targets specific users. The emails used in spear phishing are customized to the recipients, including their names and personal information, to make the message appear legitimate.
b. Incorrect. If threat actors cannot trick a user into visiting a malicious website through phishing, they can use other tactics to redirect users to fake websites.
c. Correct. Prepending attempts to influence the subject before the attack event occurs. A common general example is a preview of a soon-to-be-released movie that begins with the statement, "The best film you will see this year!" Threat actors use prepending with social engineering attacks, such as including the desired outcome in a statement that uses the urgency principle, as in "You need to reset my password immediately because my meeting with the board starts in five minutes."
d. Incorrect. A watering hole attack is directed towards a smaller group of specific individuals, such as the top executives working for a manufacturing company. These executives all tend to visit common websites, such as supplier sites. An attacker who wants to target this group of executives infects the commonly used site with malware that will then make its way onto the group's computers and networks.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks
ACCREDITING STANDARDS: SY0-601.1.1 - Compare and contrast different types of social engineering attacks.
TOPICS: Vulnerabilities and Attacks
KEYWORDS: Bloom's: Remember
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

9. Which attack embeds malware-distributing links in instant messages?
a. Spam
b. Spim
c. Phishing
d. Tailgating

ANSWER: b

FEEDBACK:
a. Incorrect. Spam involves sending millions of unsolicited emails to a large number of companies and/or recipients.
b. Correct. Spim is spam delivered through an IM service instead of email.
c. Incorrect. Phishing is the social engineering process of sending email messages or displaying a web announcement that falsely claims to be from a legitimate enterprise to trick a user into giving information or taking action.
d. Incorrect. Once an authorized person opens the door, one or more individuals can follow behind and also enter. This is known as tailgating.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks
ACCREDITING STANDARDS: SY0-601.1.1 - Compare and contrast different types of social engineering attacks.
TOPICS: Vulnerabilities and Attacks
KEYWORDS: Bloom's: Remember
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

10. Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake. What type of malicious activity will this be considered?
a. Spimming
b. Whaling
c. Spamming
d. Vishing

ANSWER: d

FEEDBACK:
a. Incorrect. Spim is spam delivered through instant messaging (IM) instead of email.
b. Incorrect. Whaling is a type of spear phishing that goes after big fish like wealthy individuals or senior executives.
c. Incorrect. Spam involves sending millions of unsolicited emails to a large volume of companies and/or recipients.
d. Correct. Instead of using email to contact the potential victim, attackers can use phone calls. Known as vishing (voice phishing), an attacker calls a victim who, upon answering, hears a recorded message that pretends to be from the user's bank stating that their credit card shows fraudulent activity or that the bank account shows unusual activity. The victim is instructed to immediately call a specific phone number (which the attacker has set up). When the victim calls, it is answered by automated instructions telling them to enter their credit card number, bank account number, social security number, or other information on the phone's keypad.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks
ACCREDITING STANDARDS: SY0-601.1.1 - Compare and contrast different types of social engineering attacks.
TOPICS: Vulnerabilities and Attacks
KEYWORDS: Bloom's: Apply
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

11. Attackers have taken over a site commonly used by an enterprise's leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so taking this site will allow for attacks on many organizations. Which type of malicious activity is this?
a. Spear phishing
b. Hoax
c. Watering hole
d. Vishing

ANSWER: c

FEEDBACK:
a. Incorrect. Spear phishing targets specific users. The emails used in spear phishing are customized to the recipients, including their names and personal information, to make the message appear legitimate.
b. Incorrect. A hoax is a false warning, often contained in an email message claiming to come from the IT department. The hoax purports a "deadly virus" circulating through the internet and that the recipient should erase specific files or change security configurations and then forward the message to other users.
c. Correct. A watering hole attack is directed towards a smaller group of specific individuals, such as the top executives working for a manufacturing company. These executives all tend to visit a common website, such as a parts supplier to the manufacturer. An attacker who wants to target this group of executives tries to determine the common website they frequent and then infects it with malware that will make its way onto the group's computers.
d. Incorrect. Instead of using email to contact the potential victim, attackers can use phone calls. Known as vishing (voice phishing), an attacker calls a victim who, upon answering, hears a recorded message that pretends to be from the user's bank stating that her credit card has experienced fraudulent activity or that her bank account has had unusual activity. The victim is instructed to immediately call a specific phone number (which the attacker has set up). When the victim calls, it is answered by automated instructions telling her to enter her credit card number, bank account number, social security number, or other information on the phone's keypad.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks
ACCREDITING STANDARDS: SY0-601.1.1 - Compare and contrast different types of social engineering attacks.
TOPICS: Vulnerabilities and Attacks
KEYWORDS: Bloom's: Apply
DATE CREATED: 2/17/2021 6:15 PM
DATE MODIFIED: 2/17/2021 6:15 PM

12. Over the last few days, several employees in your enterprise reported seeing strange messages containing links in their company's IM account. Even though no one has clicked on the messages, they are spreading throughout the network.

Which type of malicious activity is this?
a. Spear phishing
b. Whaling
c. Spimming
d. Vishing

ANSWER: c

FEEDBACK:
a. Incorrect. Spear phishing targets specific users. The emails used in spear phishing are customized to the recipients, including their names and personal information, to make the message appear legitimate.
b. Incorrect. Whaling is a type of spear phishing that goes after big fish like wealthy individuals or senior executives.
c. Correct. Spim is spam delivered through instant messaging (IM) instead of email. For threat actors, spim can have even more impact than spam. The immediacy of instant messages makes users more likely to reflexively click embedded links in a spim.
d. Incorrect. Instead of using email to contact the potential victim, attackers can use phone calls. Known as vishing (voice phishing), an attacker calls a victim who, upon answering, hears a recorded message that pretends to be from the user's bank stating that her credit card has experienced fraudulent activity or that her bank account has had unusual activity. The victim is instructed to immediately call a specific phone number (which the attacker has set up). When the victim calls, it is answered by automated instructions telling her to enter her credit card number, bank account number, social security number, or other information on the phone's keypad.

POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: CIAM.SEC+.22.1.3 - Describe the different types of vulnerabilities and attacks
ACCREDITING STANDARDS: SY0-601.1.1 - Compare and contrast different types of social engineering attacks.
TOPICS: ...

Copyright Cengage Learning. Powered by Cognero.

